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This paper investigates the use of proof (or acceptance) test data during the 
reliability based design optimization of structural components. It is assumed 
that every component will be proof tested and that the component will only enter 
into service if it passes the proof test. The goal is to reduce the component 
weight, while maintaining high reliability, by exploiting the proof test results 
during the design process. The proposed procedure results in the simultaneous 
design of the structural component and the proof test itself and provides the 
designer with direct control over the probability of failing the proof test. The 
procedure is illustrated using two analytical example problems and the results 
indicate that significant weight savings are possible when exploiting the proof 
test results during the design process. 
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R Correlation matrix 
p Mean value 

G Linearized limit state function 

o Stress value 

c Allowable stress 
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L Allowable service load 

A Proof test success event 

b Width 

F Failure event 

/ Objective function 

G Limit state function 

h Height 

L Service load 

l Length 

M Number of analysis in a Monte Carlo simulation 
m Number of proof loads 

mf Number of failure modes 

mp Number of proof failure modes 

N Normal distribution 

n Number of design variables 
P Probability 

p Proof load magnitude 

Pf Probability of failure estimated by a Monte Carlo simulation 
q Distributed load 

s Standard deviation 

SF Safety factor 

x Design variable 


I. Introduction 


R eliability based design optimization (RBDO) is becoming more popular as a method 
for designing reliable structures when presented with uncertainty in the problem pa- 
rameters. There are currently a large number of research projects that investigate the 
efficient application of RBDO to real life scenarios. These include methods for efficiently 
estimating the probability of failure (e.g., Grandhi and Wang 1 ) as well as methods for up- 
dating the uncertainty as more data (typically as a result of additional testing) becomes 
available (e.g., Acar et al. 2 ). In general these studies present numerically efficient method- 
ologies that provide the most benefit (typically in the form of weight savings) by using 
RBDO. 

This paper investigates an alternative RBDO approach that may enable significant weight 
savings, without accepting higher risk. The approach is best explained by considering 
the life cycle of a structure as outlined by the USAF Aircraft Structural Integrity Pro- 
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gram (ASIP). The ASIP considers the full life cycle of a vehicle consisting of: requirement 
specification (Task 1); design and development (Task 2); verification testing (Task 3); 
test evaluation/analysis for certification and sustainment (Task 4); and force manage- 
ment/sustainment (Task 5). The ASIP is focused on designs that result in robust vehi- 
cle operations, and it is usually acceptable to incur performance (i.e., weight) penalties 
that minimize periodic inspections and/or repairs. The ASIP process only provides loose 
coupling between the outlined tasks. The present paper will propose an integrated engi- 
neering approach that combines several of these tasks to enable significant performance 
enhancements by utilizing proof (or acceptance) test data during the RBDO of structural 
components. A key assumption in the present work is that every component that is man- 
ufactured is proof tested and will only enter into service if it passes the proof test. The 
research was motivated by the current design process at NASA, which can be summarized 
as: 

1. Mostly a deterministic design process 

2. Typically only a relatively small number of components are manufactured 

3. Virtually all components are proof tested before entering service 

The advantage of considering a RBDO approach over the traditional deterministic ap- 
proach within the NASA context has already been illustrated (e.g., Mason and Krishna- 
murthy 3 ). The goal here is to show how the RBDO process can further benefit by also 
exploiting proof test data in cases where it is available. In this research, a proof test is 
considered as a test that simulates the service load and that is performed on every compo- 
nent before entering service. Currently, proof tests are conducted at NASA, but the results 
of the proof tests are not directly included in the design process. The influence of proof 
testing on the strength distribution has been previously reported by Herbert and Trilling 4 
in the context of thermal loading. Herbert and Trilling 4 accounted for the reduced uncer- 
tainty in the strength distribution in their RBDO approach, but did not include the proof 
test as part of the design process. In contrast Acar et al. 2 considered the influence of future 
uncertainty reduction measures in the form of structural tests on aircraft safety during the 
design process, resulting in simultaneous design of the structure and the tests. However, 
the work by Acar et al. 2 concentrated on future tests that are aimed at the reduction of 
uncertainty (for example coupon tests) and not proof tests. In addition, the additional 
information is used to update the uncertainty in the mean failure stress using a Bayesian 
update procedure. In the current work proof tests will be considered and no Bayesian 
updating will be performed. 

The proposed RBDO approach aims to provide significant weight reductions, while 
maintaining high levels of reliability. Also, the methodology provides the designer with 
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direct control over the probability of failing the proof test itself. Controlling the probability 
of failing the proof test is a desirable and extremely important feature. In some cases, 
where the cost of failing the proof test is bearable, larger weight savings can be realized by 
accepting higher risk. In other cases, where a proof test failure would be extremely costly, 
the risk of failing the proof test can be reduced but will increase the component weight. 

Although the current work was inspired by the NASA design process where virtually all 
components are proof tested before entering service, the methodology could also be used 
to investigate the addition of simple proof tests to components that are currently not proof 
tested. For example, commercial aircraft are typically type certified. Type certification 
involves extensive testing that is performed on a small number of prototypes, while the 
production planes that are delivered to the customers are only subjected to limited testing. 
In these cases, it could be worthwhile to investigate the cost benefit of adding simple proof 
tests to each of the production aircraft as well. An example may be to connect actuators to 
the wings to perform a simple bending proof test on each aircraft. 

II. Reliability Based Design Optimization 

The traditional deterministic design process accounts for uncertainty in the problem 
parameters by using safety factors. Safety factors for airframe structural design have a 
long heritage that has evolved over many years. The safety factor approach provides for 
structural reliability by requiring that the design structural strength be greater than the 
stresses induced by external loads by at least the factor of safety. Historically, the safety 
factor accounts for uncertainties such as the occurrence of extreme loads, inaccuracies of 
stress prediction methods, variability of materials, variability in fabrication workmanship, 
and structural strength deterioration over the lifetime of an airframe. The values used for 
safety factors have evolved over many years and typically have been reduced as greater 
knowledge and reduced variability in materials and processes were obtained. 5 

The traditional deterministic design process is illustrated by the following example, 
where a structural component is designed subject to a stress constraint as follows: 

Minimize: /(x) 

Such That: o max (x) < o faa (1) 

lower upper ■ 

X- < X; < Xj l = l,n 

In Eq. 1, /(x) represents the objective function (typically weight), x the vector of n design 
variables, o max the maximum stress in the component and Of a u the failure stress. Upper 
and lower bounds on the design variables are specified by x| ower and x“ ppef respectively. 
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To deal with uncertainty, a safety factor is typically used to obtain a design load L for 
calculating the maximum stress o max . In addition, the stress limit is adjusted to obtain an 
allowable stress limit df a u. A standard approach for generating an allowable stress limit is 
to obtain data from simple coupon or element tests and then perform a statistical analysis 
to estimate an allowable stress which has a specified, low probability of causing a structural 
failure. The allowable stress limit is calculated to be the mean failure stress from the tests, 
reduced by the product of the test standard deviation times a stress limit adjustment factor. 
The stress limit adjustment factor used here, is referred to as a K-factor and is a function 
of the desired reliability, the confidence requirement and the test sample size. A K-factor 
equal to three (which implies three standard deviations from the mean value) is assumed 
here without specifying these inputs. As a comparison, if a reliability of 99%, with a 95% 
confidence level (A-basis allowable) is desirable, and the material failure is governed by a 
normal distribution, about 35 tests are required to obtain a K-factor of three. 6 

If we assume that the uncertainty in the load and the failure stress are normally dis- 
tributed, the design load can be obtained from: 

L = SF (p L + 3s l ) (2) 

where + 3s L is defined as the limit load. Launch vehicles typically makes use of a 
limit load of three standard deviation loads from trajectory simulations with dispersion. 
Aircraft have a larger empirical database that they can use. For the purposes of this paper, 
a limit load of three standard deviation loads from the mean load was used, similar to the 
approach used for launch vehicles. The allowable failure stress could be obtained from: 

ail — Fa fan ~ f a n (3) 

In Eq. 2 the safety factor SF is applied to the limit load, which in the present work is 
defined as three standard deviations s L above the mean value of the service load L. In 
Eq. 3 an allowable failure stress, similar to the A- or B-basis approach, is defined. The 
allowable failure stress is defined as three standard deviations s 0fail below the mean value 
Fa fan °f the failure stress Of a u. Note that the deterministic design process typically does not 
directly account for uncertainty in problem parameters other than the applied load and 
stress allowable. 

In contrast, RBDO does not make use of safety factors, but instead directly accounts for 
the uncertainty in all problem parameters to obtain a probability of failure. The equivalent 
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RBDO formulation for Eq. 1 would be: 


Minimize: f(x ) 

Such That: P(F) < P req (4) 

lower upper ■ 

X- < Xi < Xj 1= l,n 

where the probability of failure P(F) is constrained to be less than the allowed probability 
of failure P req specified by the designer. 

In the present work, the deterministic design approach is simulated by first solving each 
example problem using the deterministic approach outlined in Eq. 1. For the determin- 
istic design, the design load and failure stress allowable are obtained from Eqs. 2 and 3 
respectively. 

The deterministic design is followed by a reliability analysis, where all random vari- 
ables are assumed to be independent and normally distributed with known distributions. 
Although independent, normally distributed random variables are assumed in the present 
work, dependent and non-normal variables could also be considered. These variables 
could be transformed into independent normal variables, using for example the Rosen- 
blatt 7 transformation. The results of the deterministic design are assumed to be the mean 
quantities in the reliability evaluation of the deterministic design. The resulting probabil- 
ity of failure is then used as the probability of failure constraint P req in Eq. 4. The idea is 
thus to obtain a RBDO design with the same reliability as the corresponding deterministic 
design. Finally, the proof test data will be accounted for in an attempt to realize further 
weight savings. 


III. Influence of Proof Testing 

When calculating the probability of failure for a structural component, one is interested 
in the probability that the applied load is larger than the strength of the structure. The 
probability of failure is denoted by P(F). Schematically, a qualitative representation of the 
failure region can be represented as shown in Fig. 1, with the failure region indicated by 
the shaded area. 

When performing a successful proof test, the strength of the component that was proof 
tested is known to be larger than the load value at which the proof test was conducted. If 
one assumes that the component either fails the proof test or remains in pristine condition 
after the proof test, the proof test in effect cuts off the tail of the strength distribution as 
illustrated in Fig. 2. The assumption that a component that passes the proof test is not 
damaged by the proof test will be used throughout this paper. This is a critical assumption 
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Figure 1. Probability density distributions for stress due to applied load, and structural strength 
(Region contributing to probability of failure indicated by shading) 


that should be noted. Accounting for the effect of damage as a result of the proof test will 
be the subject of future research. 



Figure 2. Influence of proof test on strength distribution (Region indicating the probability of failing 
the proof test 1 - P(A) is shaded) 


The effect of the proof test on calculating the probability of failure after the proof test 
is performed, is shown in Fig. 3. Note that the failure region is now much smaller than 
that shown in Fig. 1. 



Figure 3. Probability density distributions for stress due to applied load, and structural strength 
including proof test effect (Region contributing to probability of failure indicated by shading. Note 
that Fig. 1 denotes P(F), while Fig. 3 denotes the conditional probability P(F\A)) 

The probability of failure shown in Fig. 3, can be expressed as a conditional probability 
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of failure, denoted by P(F|A). This conditional probability of failure can be stated as the 
probability of failure (condition F), provided that the proof test was successful (condition 
A). The proof test is successful if the component does not fail and is not damaged when 
the test is performed. When considering the proof test results in the design process, the 
probability of failure of the structure is obtained from the conditional probability of failure 
P(F| A) rather than from the probability of failure P(F) as was the case when no proof test 
data was considered. 

The deterministic design approach thus reduces the probability of failure by making use 
of proof tests. However, this reduction in the probability of failure is not quantified and is 
thus not directly included in the design process. In the present work, this reduction in the 
probability of failure will be quantified by calculating the P(F|A) value and by using this 
value in the design process to realize additional weight savings. The RBDO formulation 
when including the proof load results, can then be written as: 

Minimize: f{x ) 

Such That: P(F|A) < P req 

1 - P(A) — Pproof (5) 

x l ° wer < Xi < *“ pper i = l,n 

piower < pj < p. j = 1 , m 

where 1 — P(A) is the probability of failing the proof test, P pr0 of is the maximum acceptable 
probability of failing the proof test and pj are the variables that describe the magnitude 
of the proof load. When compared to Eq. 4, this new RBDO formulation has an additional 
constraint that controls the probability of failing the proof test and includes extra design 
variables pj that describe the magnitude of the proof test loads. The designer thus has 
direct control over the probability of failing the proof test and the magnitude of the proof 
test loads are designed simultaneously with the structural component. 

IV. Calculating the Probability of Failure 

Since the calculation of the probability of failure is a costly exercise that requires mul- 
tiple function evaluations, it is no surprise that the literature provides many methods for 
efficient calculation of the probability of failure. These methods typically have to manage a 
trade-off between numerical efficiency and accuracy. Efficient evaluation of the probability 
of failure is especially important in an optimization framework, since the computational 
cost is compounded by the fact that a two-level optimization process is encountered in 
RBDO. At the outer level is the structural optimization problem and at the inner level the 
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calculation of the probability of failure. 

The focus of the current study is not the efficient calculation of the probability of failure, 
but rather the effect of including the proof test data in the RBDO process. As a result, it 
was decided to use a well established and popular method for calculating the probability of 
failure. The method selected here is the first order reliability method (FORM). 8 It should 
be noted that although the FORM approach is widely used, it may not converge to the most 
probably point of failure (MPP) for cases with complex limit state functions. For problems 
with complex limit state functions, system reliability techniques based on fault or event 
trees and numerical techniques tailored to the specific problem at hand may be required. 

The FORM method operates in the standard normal space where all random variables 
are assumed to be independent normal variables that are scaled to have a mean value of 
0 and a standard deviation of 1. A normal distribution with a mean of 0 and a standard 
deviation of 1 is denoted by 1V(0, 1). The FORM method estimates the probability of failure 
using a linear approximation of the limit state function G(X) at the most probable point of 
failure. Where the upper case X is used to denote a random variable. In the present work 
the limit state function is defined in terms of the stress constraint as: 


G(X) = o fa a(X) - <w(X) 


( 6 ) 


The limit state is defined as G(X) = 0 and provides the interface between the failure 
G(X) < 0 and safe G(X) > 0 regions of the design space. Note that there is a different 
convention between the constraint definition for the deterministic design process and the 
limit state function used in RBDO. In Eq. 1 the stress constraint is defined to be violated 
when it has a positive value. In Eq. 6 the limit state function is defined to be violated when 
it has a negative value. This difference was applied here for consistency with the existing 
literature. 

The FORM algorithm used here is a straight-forward implementation of the algorithm 
outlined in Haidar and Mahadevan. 9 This algorithm makes use of a Newton-Raphson type 
iteration scheme to find the MPP. 

When using the FORM approach, the linearized limit state function is a linear combi- 
nation of independent, normal, random variables and as a result is also a normally dis- 
tributed random variable. The estimated probability of failure P(F) obtained from the 
FORM method can then be calculated numerically using Eq. 7: 


P(F) = P(G 


rc 

4 > ft = 

Jn 


\Z2tt 


exp 


■ks ) 2 


dg 


(7) 


where /) indicates the shortest distance from the origin of the standard normal space to the 
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limit state function and is obtained from the FORM method. The upper case G denotes 
the random variable that describes the linearized limit state function in the standard space 
and the lower case g denotes an instance of that random variable. The integral on the 
right hand side of Eq. 7 is simply the probability density function of a normally distributed 
random variable in the standard space. 

To evaluate the conditional probability of failure P(F|A), it is necessary to use the 
multiplication rule (e.g., Haidar and Mahadevan 9 ), which states that the joint probability 
P(F fl A) of F and A is equal to: 


P(F IT A) = P(F|A) P(A) 


( 8 ) 


where P(A) can be obtained directly from the FORM method as outlined above. P(F fl A) 
can be obtained from: 


P(F fl A) = P | (G\ 



— Pi) n (g 2 > P 2 ) — 


~2 g R 8 


dg'idg' 2 


(9) 


which is simply the integral of the bi-variate normal probability density function in the 
standard space. Within the current framework, F and A are guaranteed to be normal 
variables, due to the fact that they are obtained from linearized limit state functions. To 
evaluate Eq. 9, it is first necessary to perform two FORM analyses to obtain P(F) and P(A) 
respectively. These two FORM analyses also provide the values for Pi and p 2 as well as 
the information required to construct the correlation matrix, R. The correlation matrix 
is a symmetric matrix with all diagonal elements equal to one. For the bi- variate case 
of Eq. 9, this is a 2x2 matrix and only a single entry r 12 is unknown. The r 12 value can 
be obtained from the dot product of the gradients of the linearized limit state functions 
(e.g., Pandey 10 ). As was the case for Eq. 7, no analytical solution exists for this integral. 
However, several very efficient numerical integration schemes are available (e.g., the al- 
gorithms provided by Donnelly, 11 Drezner and Wesolowsky 12 and Cox and Wermuth 13 ). 


V. Calculating the System Probability of Failure 

So far the conditional probability of failure has been considered for the special case 
where only a single service load failure F and a single proof load A was considered. In 
general, however, multiple service load failures F and multiple proof loads A are possible. 
When considering more then one failure mode, one needs to consider a system reliability 
approach to obtain the probability of failure for the component. There are many system re- 
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liability approaches available, but the two that are most often encountered are a series and 
a parallel approach (e.g., Haidar and Mahadevan 9 ). Serial system failure occurs when any 
of the failure modes are violated and the resulting probability of system failure represents 
a union of all the failure events as illustrated in Eq. 10: 


P S (F) = P(Fi UF 2 U...UF m/ ) 


( 10 ) 


Parallel system failure occurs when all of the failure modes are violated and the resulting 
probability of system failure represents an intersection of all the failure modes as illustrated 
in Eq. 11: 

PpiF) = p(F 1 nF 2 n...nF mf ) (li) 

The parallel system failure P p (F) can easily be evaluated from: 


P p (F) = 


poo 

f°° R 1/2 

“'An/ 

■J„ 


1 — tT n -i— l 
2 8 R 8 


dg[ ■ ■ ■ dg[ 


mf 


( 12 ) 


which is the same integral as shown in Eq. 9, but now generalized for mf failure modes, 
with the correlation matrix R being a mf x mf matrix. Unlike the uni- and bi-variate inte- 
grals of Eqs. 7 and 9, the multi-variate integral of Eq. 12 can be more difficult to evaluate, 
especially for larger values of mf. Typically, this multi-variate integral is evaluated using 
one of three approaches (e.g. Gassmann 14 ): 

1. Bounding the answer (e.g. Ditlevsen, 15 Ramachandran 16 and Ditlevsen 17 ) 

2. Approximating the answer (e.g. Hohenbichler and Rackwitz, 18 Tang and Melchers 19 
and Pandey 10 ) 

3. Performing numerical integration (e.g. Drezner 20 and Genz 21 ) 


Numerical integration can be costly and is typically limited to between 100 and 500 fail- 
ure modes. In the present work, numerical integration is performed using the algorithm 
developed by Genz. 21 The Genz algorithm 21 presents an efficient numerical integration 
scheme for solving Eq. 12 for larger values of mf, up to 500. Numerical integration is a 
reasonable approach here, since the number of failure modes considered is in the order of 
10. For larger problems, the bounding or approximation approaches should be considered 
instead. 

The series system failure P S (F) can not be obtained directly from Eq. 12, since the 
definition is based in the union of the failure modes instead of the intersection as was the 
case for the parallel system failure P p (F). However, two approaches are available that can 
be used to convert P S (F) into a form that can be evaluated by Eq. 12. The first approach is 
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to make use of the complement of the failure modes F to obtain: 


P S (F) = 1 - P S (F) (13) 

In addition, De Morgan’s rule (e.g., Haidar and Mahadevan 9 ) can be used to expand the 
complement as follows: 


P S (F) = P(Fx U F 2 U . . . U F m/ ) = P(Fi n F 2 n . . . n F m/ ) (14) 


which is in a form that can be evaluated by Eq. 12. 

The second approach is to make use of the definition of the probability of the union of 
two or more events. For example, for two failure modes this would provide (e.g., Haidar 
and Mahadevan 9 ): 


P S (F) = P(Fi U F 2 ) = P(FO + P(F 2 ) - P(Fx n F 2 ) (15) 

For this example the first two terms on the right hand side can be evaluated using the 
uni-variate integral of Eq. 7, while the third term can be evaluated using the bi-variate 
integral of Eq. 9. In general, when considering more than two failure modes, the terms on 
the right hand side will include more than two failure events and the multi- variate integral 
of Eq. 12 can be used. 

The advantage of using the first approach is that only a single multi-variate integral is 
required. The disadvantage is that two numbers that are very close to each other are sub- 
tracted, with a potential loss in significant digits. The advantage of the second approach 
is that the problem with subtracting two numbers that are close to each other is avoided. 
The disadvantage is that the number of terms on the right hand side grows exponentially 
as the number of failure modes increases. For example, for three failure modes the num- 
ber of terms is equal to seven. However, the first order terms (P(Fi) and P(F 2 ) in the 
above example) are the most important and an upper bound to P S (F) can be obtained by 
considering only these terms. The advantage then would be that the number of terms 
grow linearly with the number of failure modes and that one only has to perform a num- 
ber of numerically efficient uni-variate integrals rather than one numerically expensive 
multi-variate integral. 

When the conditional probability of failure P(F|A) that occurs when accounting for 
multiple failure modes and multiple proof tests is considered, it is also necessary to deal 
with both the series and parallel system reliability definitions. For the parallel system, this 
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results in: 


P P (F|A) 


p(f n a) p ((Fi n f 2 n . . . n F m /) n (Ai n a 2 n . . . n A mp ) ) 
f(a) p(Ai n a 2 n . . . n A mp ) 


(16) 


where mp represents the number of proof test failure modes. Equation 16 can be evaluated 
using Eq. 12. Note that the conditional probability of failure requires the evaluation of two 
separate multi- variate integrals, one for the numerator and one for the denominator. The 
numerator has mf + mp terms, while the denominator has mp terms. 

For the series case the conditional probability results in: 


P S (F|A) 


p ((Fi uF 2 u...uF m/ )n(A 1 nA 2 n...n A mp )) 
p(Ax n a 2 n . . . n A mp ) 


(17) 


As was the case for P S (F), there are two strategies that can be used to convert Eq. 17 into 
a form where the multi-variate integral of Eq. 12 is applicable. For the first approach, the 
complement and De Morgan’s rule is used similar to Eqs. 13 and 14 to obtain: 


P S (F|A) = 1 - P(F|A) 


p((Fx n f 2 n . . . n F mf ) n a) 

P(A) 


(18) 


For the second approach, the definition for the probability of the union of events is used 
similar to Eq. 15. For the special case where two failure modes are considered, this results 


in: 


P S (F|A) 


p(Fi n A) p(f 2 n a) p((Fi n f 2 ) n a) 

P(A) + P(A) P(A) 


(19) 


In both cases the multi- variate integral of Eq 12 can be used to evaluate the numerator 
and denominator of the right hand side terms. As was the case when evaluating P S (F), the 
same advantages and disadvantages exist for each approach. However, numerical experi- 
mentation has shown that the first approach is problematic. The numerical integration of 
the numerator in Eq. 18 was found to be difficult and the Genz algorithm has trouble con- 
verging. Although the second approach could have a large number of terms on the right 
hand side, it has the advantage that the Genz algorithm seems to converge very easily for 
all of these terms. As a result, the second approach is used throughout this paper. Further- 
more, it is shown that for the example problems considered here, that an insignificant loss 
of accuracy is incurred by creating an upper bound for P S (F|A) using: 


P S (F|A) 


min 


mf \ 

1.0,2 Wi|A) 


V i=i J 


( 20 ) 
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VI. Numerical Examples 


Two analytic example problems are considered to illustrate the proposed method. The 
first is a simple cantilevered beam that has a single load condition with a single failure 
mode and thus illustrates the use of P(F|A). The second is a stepped cantilevered beam, 
that also has a single load condition but with multiple failure regions for both the service 
and the proof loads. For the second example, a series system reliability approach is fol- 
lowed and thus the use of P S (F |A) is illustrated. In both cases, a single, uniform material 
is assumed and the volume instead of the weight is used as objective function. When using 
a single, uniform material, minimizing the volume is equivalent to minimizing the weight. 

In both cases, a deterministic design is performed first, using the limit load and safety 
factor approach of Eq. 2 and the allowable failure stress of Eq. 3. The probability of failure 
for these deterministic designs are then determined using the FORM approach and is used 
as the required probability of failure P req for the RBDO design that follows. 


A. Example 1: Cantilevered Beam Problem 


The first example problem is a simple linear, homogeneous and isotropic cantilevered beam 
with a uniform cross-section as illustrated in Fig. 4. The beam has length l, width b, height 
h and is subject to a service load L at the tip. 


i 


L 

u 


Cross-section 

h 

b 


Figure 4. Cantilevered beam 


It is assumed that the beam has random variables that are both independent and nor- 
mal with the distribution data outlined in Table 1. Note that all variables have a fixed 
standard deviation. Also, the mean values of the width and height are not yet known and 
will be determined from the optimization process. The standard deviation of the geomet- 
ric variables represent machining tolerances and although a uniform distribution may have 
been more appropriate, a normal distribution is used in the present work. 
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Table 1. Random variable definition 


Parameter 

Distribution 

Load (L) 

jV(1000, 100) N 

Length (Z) 

N(500.0, 2.0) mm 

Width (b) 

NO, 1.0) mm 

Height (h) 

NO, 1.0) mm 

Failure Stress ( Of ai i ) IV (350, 25) MPa 


The first step is to perform a deterministic design of the beam as follows: 


Minimize: 

Volume 

Such That: 



0 max — ail 


b,h> 0 


( 21 ) 


where the first constraint is a simple geometric constraint to ensure stability and: 


_ 6 LI 

° max - ^ 

L = 1.4(/x l + 3s l ) 

d/ai! — Fa /ai j — 3s a/ai; 


( 22 ) 


The deterministic optimization was performed using a safety factor of 1.4 for the load, 
the mean values of the quantities in Table 1 and the DOT 22 optimizer. The results are 
summarized in Table 2. Both constraints are active at the optimum. 


Table 2. Deterministic optimization results 


Parameter 

Value 

Width (b) 

17.1 mm 

Height (b) 

34.1 mm 


To determine the probability of failure P(F) for the deterministic design outlined in 
Table 2, a FORM analysis was performed using the distribution data of Table 1. The 
resulting probability of failure was found to be P(F) =7.12xl0 -9 . Using this probability of 
failure as P req in Eq. 4 resulted in a RBDO design that was the same as the deterministic 
design. For this simple example problem, there is thus no advantage moving from the 
deterministic to an equivalent RBDO design. 

Before continuing to the RBDO design that includes the proof test data, a numerical 
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experiment was performed to determine the accuracy of the assumptions outlined in this 
paper for evaluating P(F |A). For this experiment, a deterministic optimization was per- 
formed, but using n Gfail instead of bf a u to obtain a design with a probability of failure 
P(F) = 3.88xl0 -5 instead of 7.12xl0 -9 . This was done to obtain a probability of failure 
value that could be validated with a reasonable number of Monte Carlo simulations. The 
accuracy of the Monte Carlo simulations was evaluated by calculating the coefficient of 
variation (COV) using Eq. 23, obtained from Haidar and Mahadevan. 9 

ki-p f )Pf 

COVtPf ) = 5 Pf = V (23) 

In Eq. 23 Pf is the probability of failure as estimated by the Monte Carlo simulation and 
M is the number of Monte Carlo analyses that was performed. The Monte Carlo results 
are compared to the probability of failure P(F), the probability of failing the proof test 
1 — P(A) and the conditional probability of failure P(F|A) computed using the proposed 
FORM based approach. For this experiment, five Monte Carlo simulations were considered. 
Due to the different magnitudes of the estimated probability of failure values obtained, 
different numbers of analyses were considered for each of the Monte Carlo simulations. 
For the first simulation 5xl0 6 analyses was considered, for the 2 nd , 3 rd and 4 th simulations 
25xl0 6 analyses and for the 5 th simulation 75xl0 6 analyses. The average COV values for 
the five simulations were 0.04 for P(F), 0.10 for 1 — P(A) and 0.01 for P(F|A). The results 
are summarized in Fig. 5 below. 



Figure 5. FORM analysis validation using Monte Carlo simulations (solid lines from FORM analysis, 
dots from Monte Carlo simulations) 


In Fig. 5, the y-axis provides the probability of failure and has a logarithmic scale. The 
x-axis specifies the proof load value. For this example, the proof load is defined as a point 
load that is applied at the same location and in the same direction as the service load and 
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varies from the mean value of the service load (1000 N) to 1.4 times the mean value of the 
service load (1400 N). For reference, the limit load has a value of 1300 N. From Fig. 5 it is 
clear that the P(F) value is not influenced by the proof load. However, as the proof load 
is increased, the probability of failing the proof load 1 — P(A) is also increased, while the 
conditional probability of failure P(F|A) is reduced. Considering the COV values for the 
Monte Carlo simulations, all three cases show good correlation between the FORM based 
and the Monte Carlo results. Clearly the Monte Carlo simulations validate the overall trend 
obtained from the FORM based approach. 

To account for the proof test data, the following RBDO design problem was defined: 


Minimize: Volume 



Such That: ^ < 2 

h 

P(F|A) < 7.12 x 10“ 9 

(Conditional POF) 

(24) 

1 — P(A) < Pproof 
b,h,p > 0 

(Prob of failing proof test) 



where the required probability of failure was obtained from the deterministic design and 
the required probability of failing the proof test P proo f can be set by the designer. In this 
work, the value of P pr0 of will be varied to obtain a trade-off graph. Note that the magnitude 
of the proof load p is also included as a design variable. The results of the trade-off study 
when varying the value of P proo f in Eq. 24 is summarized graphically in Fig. 6. 



Figure 6. Trade-off study for different values of P proo / (with optimized proof load) 


In Fig. 6 the objective function is normalized with respect to the deterministic optimum, 
while the proof load is normalized with respect to mean value of the service load. As a 
reference, the limit load would have a normalized value of 1.3 and a proof test load of 1.2 
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times the limit load would have a normalized value of 1.56. 

From Fig. 6 it is clear that by including the proof test data as part of the RBDO de- 
sign process, that it is possible to realize significant weight savings while maintaining the 
same high reliability obtained from the original deterministic design. Also, the normalized 
objective function is reduced very quickly for relatively small probabilities of failing the 
proof test, with diminishing returns for higher probabilities of failing the proof test. Fi- 
nally, when designing both the structure and the proof test at the same time, the optimizer 
prefers to use lower values for the proof test than one would typically expect. The standard 
proof test value would be 1.2 times the limit load. 23 In Fig. 6 all tests are performed below 
this threshold. Armed with a trade-off graph like Fig. 6, the designer can make informed 
decisions as to what weight savings can be realized for an acceptable probability of failing 
the proof test. 

The results of Fig. 6 should also be compared to the current way of proof testing, where 
a fixed proof load is used. The trade-off study for a fixed proof load equal to 1.2 times the 
limit load is shown in Fig. 7. From Fig. 7 it is clear that even with the current approach 



Figure 7. Normalized objective function for different values of P proo f using a fixed proof load 

of using a fixed proof test load, significant weight saving is possible. Also, Fig. 7 has great 
value in helping the designer manage the risk associated with performing the proof test. 
However, when compared to Fig. 6, it is clear that additional weight savings is possible 
when also considering the proof test load as a design variable. 

B. Example 2: Stepped Cantilevered Beam Problem 

The second example problem is a stepped cantilevered beam with three segments. The 
beam is also linear, homogeneous and isotropic and each of the three segments are as- 
sumed to have a uniform cross-section. The height of each segment h t is different, while 
the beam has a constant width b throughout. The length of the beam is l = 0.5 m and 
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is not considered as a random variable. The beam is subject to a uniformly distributed 
service load q and a proof load that consists of three components L\, L 2 and L 3 . These 
three load components represent three actuators that are used to simulate the service load 
during the proof test. As a result, the relative magnitude of the three load components are 
fixed as shown in Fig. 8. The relative magnitude between the three load components were 
obtained from a lumped equivalent work approach (e.g., Cook, Malkus and Plesha 24 ) simi- 
lar to what one would use when modeling the beam with three finite elements. The actual 
proof load is obtained by multiplying a single scale factor with the relative magnitude of 
the load components to obtain the values for L ; . 

q = Distributed service load 



Figure 8. Stepped cantilevered beam 


As for the first example, the random variables are assumed to be normally distributed 
and independent with the distribution data summarized in Table 3. The mean values 
of the height and width variables are not yet known and will be determined from the 
optimization process. 


Table 3. Random variable definition 


Parameter 

Distribution 

Load (q) 

N(7 500, 750) N/m 

Width (b) 

N(?, 1.0) mm 

Height (Tii) 

N(?, 1.0) mm 

Height (h 2 ) 

N(?, 1.0) mm 

Height (b 3 ) 

N(?, 1.0) mm 

Failure Stress ( Of a u ) 

N(350, 25) MPa 


The deterministic optimization is performed first, using the following formulation: 

Minimize: Volume 

Such That: ~r < 2 where i = 1,2,3 

b (25) 

®maxi — Gfail 

b,hi> 0 
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where the first constraint equation represents three geometric constraints to ensure stabil- 
ity and: 


3 q U4-m 2 
bhf{ 3 J 


q = 1.4(/iq + 3s q ) 


(26) 


bfail P Ofail So fail 


As was the case for the first example, a safety factor of 1.4 is used for the load. 

The DOT results for this deterministic optimization are summarized in Table 4. The 
optimum design is fully stressed with the failure stress constraint active for each of the 
three segments. 


Table 4. Deterministic optimization results 


Parameter 

Value 

Width (b) 

21.0 

mm 

Segment 1 Height (hi) 

42.1 

mm 

Segment 2 Height (h 2 ) 

28.0 

mm 

Segment 3 Height (h 3 ) 

14.0 

mm 


Next a FORM analysis was performed to determine the probability of failure for the 
deterministic design. A series system reliability approach and the distribution data of Ta- 
ble 3 were used. The resulting probability of failure was found to be P S (F) = 2.56xl0 -5 . 
With the probability of failure known for the deterministic design, an equivalent RBDO de- 
sign could be performed using the formulation outlined in Eq. 4. Unlike the first example, 
the equivalent RBDO for the second example provided a design that differed significantly 
from the deterministic design. The RBDO design is summarized in Table 5. Table 5 also 
includes the results from a second RBDO run, where the value of P req was changed from 
2.56xl0 -5 to l.OxlCT 7 . The reduced weight associated with the RBDO design is a result 
of the difference between the two design approaches which is discussed in more detail 
below. 

Table 5 indicates that the equivalent RBDO design with the same P S (F) value as the 
deterministic design resulted in a 12% weight savings when compared to the deterministic 
design. In addition, when reducing the P req value to l.OxlO -7 , the probability of failure 
was reduced by roughly two orders of magnitude while maintaining roughly the same 
weight when compared to the deterministic design. The weight savings that are realized 
in the RBDO designs are a result of the distribution of the probability of failure values for 
each of the three segments as outlined in Table 6. 

Table 6 clearly illustrates the difference between the two design approaches. The deter- 
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Table 5. Reliability based design optimization results 


Parameter 

Deterministic 

RBDO 1 

RBDO 2 

P,(F) 

2.56xl(T 5 

2.56xl0 -5 

l.OxlO -7 

Width (b) (mm) 

21.0 

19.3 

20.3 

Height (hi) (mm) 

42.1 

38.7 

40.7 

Height (h 2 ) (mm) 

28.0 

26.7 

28.1 

Height (fr 3 ) (mm) 

14.0 

15.0 

16.1 

Volume (xlCT 6 m 3 ) 

885.3 

777.1 

862.9 

RBDO 1 -RBi 

DO design with P req 

=2.56xl0“ 5 



RBDO 2 - RBDO design with P req =1.0x10 7 


Table 6. Probability of failure values for each segment. Both designs has P S (F) = 2.56x10 5 (Stress 
values calculated from the design load in both cases) 


Parameter 

Deterministic 
Stress (MPa) P(F) 

RBDO 

Stress (MPa) P(F) 

Segment 1 

275 

7.19xlO -10 

354 

1.56XKT 5 

Segment 2 

275 

9.73XKT 9 

329 

7.21 xl0“ 6 

Segment 3 

275 

2.55X10” 5 

261 

4.23XKT 6 


ministic design is only concerned with stress and results in a fully stressed design with the 
same maximum stress value for each segment. In contrast the RBDO design is only con- 
cerned with the P S (F) value, which is determined from the P(F) values for each segment. 
Acar and Haftka 25 illustrated that for the RBDO design, the ratio of the probability of fail- 
ure for each segment should be roughly equal to the weight ratio of the segments. The 
weight and probability of failure ratios of the three segments are summarized in Table 7 
below. In both cases, the normalization was performed using the values for segment 3. 
Clearly the weight and probability of failure ratios exhibit the same trend as observed by 
Acar and Haftka. 25 

Table 7. Comparison of weight and probability of failure ratios for the RBDO design (in both cases 
the values are normalized with that of segment 3) 



Normalized 

Weight 

Normalized 

P S (F) 

Segment 1 

3 

3.7 

Segment 2 

2 

1.7 

Segment 3 

1 

1 


Although the P S (F) value is the same for both designs, the P(F) values for each segment 
are significantly different. Even though the maximum stress value is the same for each 
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segment in the deterministic design, only segment 3 is critical from a probability of failure 
point of view, while segments 1 and 2 are over designed. The reason for the different 
P(F) values is that the standard deviation for the values are constant. For segment 3 
the mean deterministic design value for h is much smaller than for segment 1. The fixed 
standard deviation thus has a much larger influence on the stress value of segment 3 than 
it does on the stress value of segment 1, resulting in the higher probability of failure for 
segment 3. Similarly, due to the smaller variability in the stress value of segment 1, the 
RBDO approach allows a higher stress value for this segment, while maintaining a lower 
stress value in segment 3. 

Before continuing to the RBDO design that includes the proof test data, another nu- 
merical experiment was conducted to compare the results obtained from the FORM based 
approach outlined in this paper with a Monte Carlo simulation. For this experiment the 
RBDO design with P S (F) =2.56xl0 -5 was used as a design point, and a proof load that 
represents the limit load was applied. For the Monte Carlo simulation 10 8 analyses were 
performed and the results are summarized in Table 8. 

Table 8. Comparison of Monte Carlo and FORM results for RBDO design with P S (F) =2.56x10 5 and 
proof load equal to limit load (For the Monte Carlo results, the values in parenthesis indicate the COV 
values obtained from Eq. 23) 


Parameter 

Monte Carlo 

FORM 

FORM* 

P S (F) 

2.764X1CT 5 

(0.019) 

2.557xl0“ s 

2.701 xl0“ 5 

P(A) 

0.997827 

(4.667xl0“ 6 ) 

0.998038 

— 

P S (F|A) 

2.916xl0 -6 

(0.059) 

3.422XKT 6 

3.423XKT 6 


In Table 8, the FORM** column indicates results obtained from the upper bound ap- 
proximation for the P s values as outlined in Eq. 20. Table 8 shows excellent correlation 
between the FORM and FORM** columns, indicating that the upper bound approximation 
approach for estimating the P s values is valid for the current example problem. In ad- 
dition, Table 8 shows good correlation between the Monte Carlo and FORM approaches 
for the P S (F) and P(A) values, with a slightly larger variation for the P S (F|A) value. This 
larger variation can in part be explained by the smaller numerical value associated with 
P S (F|A). The Monte Carlo simulation resulted in 2764 failures in 10 8 simulations used 
for estimating the P S (F) value, compared to only 291 failures in 10 8 simulations used for 
estimating the P S (F|A) value. The Monte Carlo estimate of P S (F|A) is thus less accurate 
than than of P S (F). 

The final step for this example problem was to perform the RBDO design that accounts 
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for the proof test data. The following formulation was used: 


Minimize: Volume 

Such That: ^ < 2 

b 

P(F | A) < 1.0 x 10 -7 (Conditional POF) 

1 — P(A) < P P roof (Prob of failing any proof test) 

b, h u p > 0 


( 27 ) 


The P re q value used for the conditional probability of failure in Eq. 27 was obtained 
from the second RBDO design outlined in Table 5. The magnitude of the proof load is 
included as a design variable and the allowable probability of failing the proof test P pr0 of 
was varied to generate a trade-off as shown in Fig. 9. 



Figure 9. Trade-off study for different values of P pr0 of 

In Fig. 9 the x-axis provides the specified probability of failing the proof test. The ob- 
jective function is normalized with respect to the RBDO design for P(F) = 1. Ox 10 -7 (the 
RBDO design already presents a small weight savings over the corresponding determin- 
istic design, but with a significantly higher reliability) and the proof load is normalized 
with respect to the mean value of the service load. As a reference, a proof test load that 
corresponds to 1.2 times the limit load would have a normalized value of 1.56. 

Figure 9 presents a similar effect on the objective function, as was observed in Fig. 6 
with a rapid initial drop-off in weight, followed by diminishing returns for larger proof 
failure probabilities. Figure 9 indicates roughly an 8% reduction in weight over the corre- 
sponding RBDO design (that does not account for the proof test data) with a probability 
of 1 in 1000 of failing the proof load. For the proof load, as was the case in Fig. 6, Fig. 9 
indicates that the proof tests should be performed at smaller values than what is typically 
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used. In this case, the proof load should be just below the limit load, while standard 
practice is to use a proof load 1.2 times the limit load. It is interesting to note that the 
traditional use of acceptance testing is to check workmanship. However, the question at 
which level to perform the acceptance test is generally not known and typically depends 
on individual experience. Trade-off graphs like those presented in Figs. 6 and 9 may be 
used as a quantitative tool to help determine and motivate an appropriate level at which 
to perform the acceptance test. In Fig. 9, the proof load basically remains constant over 
the full range of P pr0 of values considered. The optimizer increases the probability of failing 
the proof test by decreasing the weight rather than by increasing the proof load. 

VII. Concluding Remarks 

This paper presents a methodology for including the results of proof/acceptance tests 
in the RBDO process. The proposed method allows for the simultaneous design of the 
structural component and the proof test itself and provides the designer with direct control 
over the probability of failing the proof test. The results indicate that a significant weight 
saving is possible when including the proof test results in the design process as compared 
to equivalent deterministic or RBDO designs, while maintaining the same probability of 
failure as obtained from the deterministic design. Trade-off graphs generated here allows 
the designer to select an appropriate probability of failing the proof test, based on the 
project at hand. 

Several issues should be further investigated in future work. This includes the assump- 
tion that the components remain in pristine condition after the proof test. The use of 
more realistic distribution data, other than independent, normal distributions, should be 
explored. For example, other distributions may be more appropriate than the normal dis- 
tribution used here to represent manufacturing tolerances. Also, analysis techniques other 
than FORM should be investigated to provide the designer with a wider range of tools for 
performing the probabilistic analysis. Finally, the method should be applied to more com- 
plicated applications that require the use of numerical simulations techniques like finite 
element analyses. 
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